Sony copy-protected cds install rootkit on your computer

Windows XP - Solution 1
Right-click on the drive icon for your CD drive, CD recorder, or DVD drive, and select Properties.
Choose the AutoPlay tab, and choose the desired action for each type of CD. For example, choose Music CD, then click Select an action to perform, then select Take no action.

http://www.wired.com/news/rants/0,2350,69467,00.html?tw=wn_tophead_2

xpost

Of course, the music industry sued a Princeton student for letting people know about that, so I better add that I just made that whole shift key thing up I don't even know what a CD or PC is whoot whoot!

http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

I closed the player and expected $sys$DRMServer’s CPU usage to drop to zero, but was dismayed to see that it was still consuming between one and two percent. It appears I was paying an unknown CPU penalty for just having the process active on my system. I launched Filemon and Regmon to see what it might be doing and the Filemon trace showed that it scans the executables corresponding to the running processes on the system every two seconds, querying basic information about the files, including their size, eight times each scan. I was quickly losing respect for the developers of the software...

I checked the EULA and saw no mention of the fact that I was agreeing to have software put on my system that I couldn't uninstall.

the description of what this guy ran into while trying to manually remove the rootkit is mindboggling

...

The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files.

While I believe in the media industry’s right to use copy protection mechanisms to prevent illegal copying, I don’t think that we’ve found the right balance of fair use and copy protection, yet. This is a clear case of Sony taking DRM too far.

Excellent work! I was about to buy the new Santana CD which comes out tomorrow and is advertised as copy protected. I’ll have to re-think this!

# posted by goober : 5:54 PM, October 31, 2005

don't buy Santana

http://www.amazon.com/exec/obidos/tg/detail/-/B000B5QWNI/102-3048447-4706548?v=glance

http://www.google.com/search?q=site%3Aamazon.com+COPY-PROTECTED

pretty cool that Amazon made it so searchable.

another comment from further down the blog casually comments that by reverse engineering sony's copy protection and exposing it online, he is technically in violation of the DMCA. I'd love to see Sony try and sue him now.

Well fuck it. I hope it does, they deserve it for their sheer technical ineptitude at this point, never mind the principle of the thing!

The last Sony product I bought, the software was both inexplicably bad & yet also insurmountable/essential to the operation of the device. It was for all practical purposes unusable from day one of purchase. They burned my goodwill up completely with that.

October 28, 2005
Profit at Sony Drops 47%; Sales Are Flat for Quarter
By MARTIN FACKLER

TOKYO, Oct. 27 - Sony, the troubled electronics giant, reported a 47 percent slide in quarterly profit on Thursday, as sales of television sets and Walkman music players fell and its Hollywood studio failed to produce any big hits.

The company, based in Tokyo, said net profit in the three months ended Sept. 30 fell to 28.5 billion yen, or $247 million at current exchange rates. Sales were flat from the quarter a year earlier at 1.7 trillion yen, or $14.74 billion.

Sony would have reported a loss were it not for a one-time gain equivalent to $637 million, the chief financial officer, Nobuyuki Oneda, said at a news conference. The gain resulted from the transfer of part of the company's employee pension plan to the government.

Sony also reiterated its outlook for a loss of nearly $87 million for the fiscal year ending in March. It would be the company's first annual loss in more than a decade.

Once a name synonymous with innovation, Sony has been slow to capitalize on new trends like portable digital music, where it trails Apple Computer's popular iPod. The company has also struggled to respond to cheaper rivals in lower-wage Asian countries like China that have flooded global markets with television sets, DVD players and other consumer electronics.

Last month, the chief executive, Sir Howard Stringer, introduced a plan to eliminate jobs and reorganize the company in an attempt to restore some of the creative magic that once made Sony a household name in the United States and a symbol of Japan's manufacturing might.

Thursday's financial results did not reflect the effects of that plan. But they did underscore the challenges facing Sir Howard in reviving Sony, a sprawling conglomerate with businesses as diverse as semiconductors and auto insurance.

Success will hinge on his ability to turn around the core electronics business, which provides two-thirds of total revenue. The company attributed much of its lackluster performance last quarter to declining sales of plasma television sets, digital cameras and the Walkman, which competes with iPod.

Over all, sales in the electronics divisions were flat at 1.2 trillion yen, or $10.4 billion. Electronics had an operating profit equivalent to $150 million, Mr. Oneda said. In answer to a question, he acknowledged that electronics would have lost $390 million to $434 million without the pension transfer.

He noted a bright spot in Sony's money-losing television division: strong sales in the United States of the new Bravia line of liquid-crystal display TV sets. "Bravia is doing better than we expected," Mr. Oneda said.

A movie unit, Sony Pictures Entertainment, had an operating loss equivalent to $57.2 million. While box-office revenue was strong last year on the success of "Spider-Man 2," the studio's hope for this year, "Stealth," had a disappointing performance, the company said.

The games division reported an operating profit of $71.1 million, in contrast to a slight loss a year earlier. Revenue jumped by more than 75 percent, to 214.2 billion yen, or $1.86 billion, as sales of PlayStation Portable, a hand-held gadget, and PlayStation 2 increased.

otherwise they 'autoplay' in Windows(?) or some kind of shitty on-board proprietary media player and THEN YOU'RE FUCKED.

I mean, I don't know, guys.. I think Sony might have a leg up on those downloading scamps just yet.

-- Keith C

public outrage? Then again it's hard enough to whip that up about rigged voting machines or an illegal war so.... boycott Sony is still your best option. And buy up those Miles Davis lp's now.

(or what hstencil said)

just the same, this is something to fight I think

The Life Aquatic with Steve Zissou [SOUNDTRACK] [CONTENT/COPY-PROTECTED CD]

and fuck, how many miles davis records do you people need anyway?

& yeah x2 xpost it is ludicrous to sustain outrage on music copy protection after last year

http://www.projectcensored.org/newsflash/voter_fraud.html

I should go eat some food

Also, milton parker OTM- Sony created a patch one day after the sysinternals story got attention- it has nothing to do with 'virus adaptation'. Total damage control.

Thank you!

WRONG.

http://www.stiller.com/cih.htm

Is there a difference between this and "Copy Controlled", or is it the same thing?

Nope, the devil's in the details. CIH didn't damage the hardware, what it did was corrupt the memory held in that particular chip. You'll see in Stiller's explanation that it could be reinitialized. The chip was intact and could be reprogrammed. It was just often simpler to replace it because of economics and circumstance. Back in DOS and Win 3.1. days, coincidentally, I used to have a copy of Integrity Master. Was a good program.

It does depend on your notion of what break means. To the average user the CIH payload certainly appeared to break the PC.

http://content.yieldmanager.com/5783/32824/113699755436b9996adf7c.gif

you're kidding, what about the rental market? isn't blockbuster going to shit over this?

A lot of people think the former. You're not alone. The second is
a stubborn myth. It was much more prevalent in the mid-90's when I ran a forum on computer security.

By Ted Bridis
The Associated Press
Friday, November 11, 2005; 2:02 PM

Stung by continuing criticism, the world's second-largest music label, Sony BMG Music Entertainment, promised Friday to temporarily suspend making music CDs with antipiracy technology that can leave computers vulnerable to hackers.

Sony defended its right to prevent customers from illegally copying music but said it will halt manufacturing CDs with the "XCP" technology as a precautionary measure. "We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use," the company said in a statement.

The antipiracy technology, which works only on Windows computers, prevents customers from making more than a few copies of the CD and prevents them from loading the CD's songs onto Apple Computer's popular iPod portable music players. Some other music players, which recognize Microsoft's proprietary music format, would work.

Sony's announcement came one day after leading security companies disclosed that hackers were distributing malicious programs over the Internet that exploited the antipiracy technology's ability to avoid detection. Hackers discovered they can effectively render their programs invisible by using names for computer files similar to ones cloaked by the Sony technology.

Sony's program is included on about 20 popular music titles, including releases by Van Zant and The Bad Plus.

"This is a step they should have taken immediately," said Mark Russinovich, chief software architect at Internals Software who discovered the hidden copy-protection technology Oct. 31 and posted his findings on his Web log. He said Sony did not admit any wrongdoing, nor did it promise not to use similar techniques in the future.

Security researchers have described Sony's technology as "spyware," saying it is difficult to remove, transmits without warning details about what music is playing, and that Sony's notice to consumers about the technology was inadequate. Sony executives have rejected the description of their technology as spyware.

Some leading antivirus companies updated their protective software this week to detect Sony's antipiracy program, disable it and prevent it from reinstalling.

After Russinovich criticized Sony, it made available a software patch that removed the technology's ability to avoid detection. It also made more broadly available its instructions on how to remove the software permanently. Customers who remove the software are unable to listen to the music CD on their computer.

But what about XFree86 warning you that you can do this on some monitors?

This has pretty much stayed the case. Actually, it's probably easier now to make it look like the hardware has been damaged because the savvy of the average user, being more of them by magnitudes, is lower, and systems are much less transparent.

The old Gulf War computer virus hoax from about a decade ago was built upon the idea that computer hardware could be damaged. It's been revived with some frequency, often in slightly different forms.

My second idea is for everyone to buy Sony CDs and then return them for refunds whenn they aren't fully functional. Ha ha ha.

That's the entire point. Technically, Sony could be prosecuted criminally because the case could be argued by someone expert in malicious software and its creation that the people who made it knew it would cause a fault if tampered with by someone inexpert. In other words, almost everybody. In fact, one of its selling points was probably that it would cause a fault, thereby preventing any Sony music from being put into the computer, and anyone else's, for that matter. A good criminal case would uncover e-mails and memos discussing the nature of the program. They would be very interesting, I think.

Sony, as a corporation, would have a hard time convincing anyone it was non compos mentis in a way that someone who wore hair curlers in their beard and a box on their head might.

So the easy way out of the user agreement is to consider it part of a criminal enterprise, the distribution and installation of the Sony trojan. At which point it becomes part of the malicious operation and is closer to extortion, threats and blackmail. Believe you me, if a loner in his twenties had written and distributed the Sony trojan, authorities could and would be after him as a virus-writer.

http://www.msnbc.msn.com/id/10053831/

DHS Official Weighs In on Sony

http://blogs.washingtonpost.com/securityfix/2005/11/the_bush_admini.html

"It's very important to remember that it's your intellectual property -- it's not your computer. And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days.

"If we have an avian flu outbreak here and it is even half as bad as the 1918 flu, we will be enormously dependent on being able to get remote access for a large number of people, and keeping the infrastructure functioning is going to be a matter of life and death and we take it very seriously."

It now appears that at least 568,200 nameservers have witnessed DNS queries related to the rootkit. How many hosts does this correspond to? Only Sony (and First4Internet) knows...unsurprisingly, they are not particularly communicative. But at that scale, it doesn't take much to make this a multi-million host, worm-scale Incident. [...]

I also have an IP->Geographic data, courtesy of Mike Schiffman's libipgeo and the fine folks at IP2Location, who have a very impressive database. So, the first thing I did was geolocate the data. After dispensing with the raw stats gather...

What can I say? Pretty pictures. Ugly data, but pretty pictures!

http://www.doxpara.com.nyud.net:8090/planetsony_usa.JPG
http://www.doxpara.com.nyud.net:8090/planetsony_asia.JPG
http://www.doxpara.com.nyud.net:8090/planetsony_europe.JPG

open letter from the EFF with prudent legal advice (the already-announced CD recall is only their first of eight suggestions): http://www.eff.org/IP/DRM/Sony-BMG/?f=open-letter-2005-11-14.html

not a word of this in this week's Rolling Stone or any other music magazine I've seen (i.e. the readers who most need to be informed to run the new patch as soon as possible). just lots of full page advertisements & coverage of artists on the list.

Oh...it also interferes with the functioning of iTunes. And only time will tell if it has security ramifications that'll require dealing with.

Masking tape can prevent initial installation

I'm trying to gauge the affected Sony artists' response to this, verbal or in action.

http://cp.sonybmg.com/xcp/english/titles.html

Those damn kids just can't stop trading those Shel Silverstein and Gerry Mulligan MP3s!

What a bunch of dopes, this is going to cost them dearly to clean up.

However, it seems there's some confusion at the retail level. The record store folks were going by a BBC source that didn't list Kings Of Leon, which is in a list I saw that my mom's admin at a government science sector (!) sent out (and and listed by Milton above on this thread). As a result it was still on their shelf even though clearly labeled with the Sunncomm copy protection label.

They also said that they had a customer who insisted on buying TWO of the infected discs with the understanding (and vehement insistence of store staff) that they would never be put into a computer.

systems are not vulnerable as long as you're running as a regular user, not an admin. Do not attempt to play audio CDs while logged in as an administrator!

Mac OS/X, Linux, and Solaris systems are not vulnerable.

FOR HOME OR PERSONAL SYSTEMS:

Q. HOW DO I KNOW IF I AM INFECTED?
A. Create a file "temp.txt" on your desktop (e.g. with notepad).
Rename it to "$sys$temp.txt" (no quotes, but use dollar signs).
If it disappears off your desktop, you are infected.

Q. I'M INFECTED, HOW DO I FIX IT?
A. Sophos has a tool do remove the rootkit:
http://www.sophos.com/support/disinfection/rkprf.html
NOTE: DO NOT USE the kit supplied by Sony; it causes more damage:
http://www.theinquirer.net/?article=27714
ALSO NOTE: Microsoft's next monthly security update promises to
remove the rootkit, but if you're infected DON'T WAIT TILL THEN!

Q. HOW WIDESPREAD IS THIS PROBLEM?
A. Over half a million *NETWORKS* are confirmed to be "infected" so far:
http://www.doxpara.com.nyud.net:8090/
http://www.doxpara.com.nyud.net:8090/planetsony_usa.JPG

Q. HOW DO I SPOT ONE OF THESE CDS?
A. http://www.eff.org/IP/DRM/Sony-BMG/
This site has pictures and other details.

Q. HOW DID THIS GET DISCOVERED?
A. A security researcher discovered it in late October this year:
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

Q. WHAT IS SONY DOING ABOUT IT?
A. Recalling the CDs, and facing several class action lawsuits: http://news.bbc.co.uk/1/hi/technology/4441928.stm
http://news.bbc.co.uk/1/hi/technology/4424254.stm

Q. WHAT CDS ARE KNOWN TO HAVE THIS ROOTKIT?
A. We know of 47 specific CDs but there may be more:
A Static Lullaby - Faso Latido
Acceptance - Phantoms
Ahmed Jamal - The Legendary Okeh and Epic Recordings
Amerie - Touch
Amici Forever - Defined
Anna Nalick - Wreck of the Day
Bob Brookmeyer - Bob Brookmeyer & Friends
Buddy Jewel - Times Like These
Celine Dion - On Ne Change Pas
Charlotte Martin - On Your Shore
Chayanne - Cautivo
Chris Botti - To Love Again
David Gray - Life In Slow Motion
Dexter Gordon - Manhattan Symphonie
Dion - The Essential Dion
Elkland - Golden
Foo Fighters - In Your Honour
George Jones - My Very Special Guests
Goapele - Change It All
Hitch - Soundtrack
Horace Silver - Silver's Blue
Kasabian - Kasbian
Kings of Leon - Aha Shake Heartbreak
Life of Agony - Broken Valley
Los Lonely Boys - TBD
Mario - Turning Point
Mary Mary - Mary Mary
Montgomery Gentry - Something To Be Proud Of: The Best of 1999-2005
My Morning Jacket - Z
Natasha Bedingfield - Unwritten
Neil Diamond - 12 Songs
Nivea - Complicated
Our Lady Peace - Healthy In Paranoid Times
Patty Loveless - Dreamin' My Dreams
Pete Seeger - The Essential Pete Seeger
Raheem DeVaughn - The Love Experience
Ricky Martin - Life
Santana - All That I Am
Sarah McLachlan - Bloom Remix Album
Shelly Fairchild - Ride
Susie Suh - Susie Suh
Switchfoot - Nothing Is Sound
The Bad Plus - Suspicious Activity
The Coral - The Invisible Invasion
The Dead 60s - The Dead 60s
Van Zant - Get Right with the Man
Vivian Green - Vivian

Sony's copy-protect malware and the writing of viruses.

1) The number of music publication and corporate networks of news organizations where entertainment journalists and rock critics on staff loaded the Sony malware before the news broke (and inside that, how many actually were allowed to or wanted to write of it).

2) The number of government and DoD networks where civil servants, soldiers and officers who listen to or sneak music into the office installed it.

No. And, no, the public won't remember. But the two are unrelated. The public has never remembered who was arrested for writing viruses and the term ordered as punishment. Which is why a class action settlement is unsufficient. A criminal case against Sony execs for distributing a malicious program that altered the operations of consumers' private machines in a surreptitious manner would teach Sony a bigger lesson. With this particular settlement, they get off easy and the lesson that if they do something similar in the future and get caught again they will be able to buy their way out of it. Sentencing a virus writer deters the virus-writer from continuing to write viruses when gets out. It would stand to do the same for a corporation.

A single individual if caught doing what Sony did would get jail. Not more than 18 months, but they'd still get a sentence. Journalists would do well to continue to observe and castigate major labels which employ copy protection schemes with varying degrees of hostility directed at the buyers of pop music.

Unless I can find some authoritative information, I'm afraid the effect of this scandal is that I will be hestitant to purchase anything that's not on an indie label.

such strange faith you have in indie labels.

http://www.boingboing.net/2006/03/24/emi_releases_brazili.html

http://www.canada.com/vancouversun/news/arts/story.html?id=e6a6cbf0-124b-468f-9323-043316f1b809&k=40858